TMS zl Management and Configuration Guide ST.1.0.090213
7-112
Virtual Private Networks
Configure Firewall Access Policies for Your VPN
You must configure firewall access policies that allow the encapsulated traffic
as well as the decrypted traffic.
Consult the section that applies to your VPN:
■ “Access Policies for an IPsec Site-to-Site VPN with IKE” on page 7-112
■ “Access Policies for an IPsec Site-to-Site VPN with Manual Keying” on
page 7-116
■ “Access Policies for an IPsec Client-to-Site VPN with IKE” on page 7-118
■ “Access Policies for an L2TP over IPsec VPN” on page 7-121
■ “Access Policies for a GRE Tunnel” on page 7-126
■ “Access Policies for a GRE Tunnel over IPsec” on page 7-131
Access Policies for an IPsec Site-to-Site VPN with IKE
Before you begin configuring firewall access policies, determine the zone on
which traffic from the remote gateway arrives. Typically, this is the External
zone, but it could be another zone. The instructions below will refer to this
zone as the “remote zone.”
You should also determine the zone for local endpoints allowed on the VPN.
This might be the Internal zone or another zone. The instructions below will
refer to this zone as the “local zone.” If multiple zones are allowed to access
the VPN, you must create policies for each of these zones.
Then follow these steps:
1. In the left navigation bar of the Web browser interface, select Firewall >
Access Policies.
2. Click the Unicast tab.
3. Select None for User Group.
4. Click Add a Policy.